On Tue, Nov 14, 2006 at 11:11:18AM +0530, Shingari, Nitin V. wrote:
In Nessus plug-ins CVE IDs are written in script_cve_id (…).
In some plug-ins few CVE IDs are mentioned with IF conditions like:
*if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0533");*
*if(defined_func("script_xref"))script_xref(name:"CVE",
value:"CVE-2003-0663");*
Can we relate *CVE ID *with the plug-in if it’s mentioned in IF
condition but not in *script_cve_id* tag?
Yes. Older versions of Nessus (pre 2.2.x, I believe) had issues if there
were more than 8 ids in a call to script_cve_id(). So if a plugin
corresponded to more than that, additional ones would be added using
script_xref(). The report should still lists all [unless you're running
with a version of Nessus that didn't support script_xref(), which is the
reason for the 'if(defined_func("script_xref"))'].
I'll adjust this particular plugin shortly to collect all the CVE ids
together since no one should be using Nessus 2.0 any longer. If you're
aware of any similar plugins, let me know please.
George
--
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
